Trend Micro Apex Central Logs
Updated Aug 31, 2023
Configure Trend Micro Apex Central to send logs to Arctic Wolf
You can configure Trend Micro Apex Central® to send the necessary logs to Arctic Wolf for monitoring security information.
Requirements
- Activated Arctic Wolf Sensor
Steps
- Configure the Syslog Settings.
- Enable log forwarding.
- Verify log forwarding.
- Provide your configuration details to Arctic Wolf.
Step 1: Configure the syslog settings
- Log in to Trend Micro Apex Central as an administrator.
- In the menu bar, click Detections > Notifications > Notification Method Settings.
  The Notification Method Settings screen appears.
- In the Syslog Settings section, do the following:
  - Server IP address — Enter the FQDN or IP address of your physical sensor or virtual log collector.
  - Port — Enter 514.
  - Facility — Select the required facility code from the list.
- Click Save.
Step 2: Enable log forwarding
- Log in to Trend Micro Apex Central as an administrator.
- In the menu bar, click Administration > Settings > Syslog Settings.
  The Syslog Settings screen appears.
- Select the Enable syslog forwarding checkbox.
- For your physical sensor or virtual log collector that receives the logs, do the following:
  - Server address — Enter the FQDN or IP address of your physical sensor or virtual log collector.
  - Port — Enter 514.
- For the Format list, select one of the following:
  - CEF — Uses the standard Common Event Format (CEF) for log messages.
  - Apex Central format — Sets the syslog facility code to Local0 and the severity code to Informational.
  See Supported Log Types and Formats for more information.
- In the Log type section, do the following:
  - Select the Security logs.
  - Select the checkboxes for the logs you want to forward.
  - (Optional) Repeat these steps for Product information logs.
- Click Test Connection.
  The syslog server connection status appears at the top of the screen.
- Click Save.
Trend Micro Apex Central forwards logs to the configured syslog server.
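To check that a forwarded message matches the format selected in Step 2, the following added example (not part of the original guide or of any Trend Micro or Arctic Wolf tooling) decodes the syslog priority value and parses a CEF header. It assumes you captured a message on a test syslog listener of your own; the sample lines, host name and function names are constructed for illustration.

```python
import re

# Syslog PRI = facility * 8 + severity (local0..local7 are facilities 16..23).
FACILITIES = {16 + i: f"local{i}" for i in range(8)}
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "informational", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>")
# CEF header fields are separated by pipes; a literal pipe is written as \|.
# Simplification: an escaped backslash directly before a pipe is not handled.
UNESCAPED_PIPE = re.compile(r"(?<!\\)\|")
CEF_FIELDS = ["cef_version", "vendor", "product", "device_version",
              "signature_id", "name", "severity"]

def decode_pri(line):
    """Return (facility, severity) names from the <PRI> prefix, or None."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:
        return None
    facility, severity = divmod(int(m.group(1)), 8)
    return FACILITIES.get(facility, f"facility{facility}"), SEVERITIES[severity]

def parse_cef_header(line):
    """Return the seven CEF header fields plus the extension, or None."""
    start = line.find("CEF:")
    if start < 0:
        return None
    parts = UNESCAPED_PIPE.split(line[start + 4:], maxsplit=7)
    if len(parts) < 7:
        return None
    header = {k: v.replace("\\|", "|") for k, v in zip(CEF_FIELDS, parts)}
    header["extension"] = parts[7] if len(parts) == 8 else ""
    return header

def check_message(line, expected_format):
    """Return a list of problems; an empty list means the line matches."""
    problems = []
    pri = decode_pri(line)
    if pri is None:
        problems.append("missing or invalid <PRI> prefix")
    if expected_format == "cef" and parse_cef_header(line) is None:
        problems.append("no complete CEF header found")
    if expected_format == "apex_central" and pri not in (None, ("local0", "informational")):
        problems.append(f"expected local0/informational, got {pri[0]}/{pri[1]}")
    return problems

# Constructed sample lines (not real Apex Central output).
CEF_SAMPLE = ("<134>Aug 31 12:00:00 apex-host CEF:0|ExampleVendor|Example\\|Product"
              "|1.0|100|Constructed test event|3|src=192.0.2.10 act=blocked")
APEX_SAMPLE = "<134>Aug 31 12:00:00 apex-host constructed message body"
```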
Step 3: Verify log forwarding
- Log in to Trend Micro Apex Central as an administrator.
- In the menu bar, click Administration > Command Tracking.
- In the Command list, select Forward Syslog.
Step 4: Provide your configuration details to Arctic Wolf
- Go to the Arctic Wolf® Unified Portal.
- Click Help > Open a New Ticket.
- Include the following information in the message for your Concierge Security® Team (CST):
  - Confirmation that you have completed the steps in this configuration guide.
  - The IP address of your Trend Micro Apex Central server.
  - Any other questions or comments that you have.
- Click Send Message.
Your CST reviews the details and confirms that Arctic Wolf is successfully processing the logs from your Trend Micro Apex Central server.